Your message has been sent, thank you!
Print the page
Please contact us for more information:
Risk Reward Limited
T. +44 (0)20 7638 5558
F. +44 (0)20 7638 5571
Preparing for Risk Management in the Insurance Industry
The Bank of England and the Financial Services Authority published the approach of the new Prudential Regulation Authority in June 2011. It is clear that the new regulators will be building on Solvency II regulation and implementing a new risk -based regime for regulation. This will provide insurance companies with a series of challenges and actions that will need to be actioned.
The new regime is intended to be increasingly focused on the ability of the business model of the insurance company to be sustainable and to meet the expectations of policy holders. This puts increasing demands on the Board, senior management, management information, risk management, systems and controls operated by the Insurance Company. Given that the revised rules are due to be fully implemented and all firms are expected to be fully compliance by 31 December 2012 the expectations of the regulators are that firms will be commencing projects to meet these demands with urgency. There are perhaps eight major areas where a firm will need to consider how it will meet these obligations, which are as follows:
- Risk Management
- Quality of Senior Management
- Management Information
- Stress Testing and Scenario Modelling
- Asset and Liability Management
- Business Model Review
- Non-executive Directors
- Model Review
Let us consider each of these areas briefly:
1. Risk Management
The new Prudential Regulation Authority is clearly putting increased emphasis on risk management which includes the role of internal audit and internal actuaries. They will be seeking to establish that the risk management function and structure implemented within the insurance company is fit for purpose and able to provide the level of support that senior management require.
Historically many insurance companies have not implemented integrated enterprise risk management. It is clear that this will need to be enhanced to meet the demands of these revised requirements. While we do expect additional guidance to be forthcoming during both 2011 and 2012 it is important for a review to be conducted as to the adequacy of the risk management framework.
Working from the key building blocks of an enterprise risk management (ERM) framework firms will require a gap analysis to be conducted to identify where and how existing risk management systems and controls fail to achieve international best practice and the expectations of the Prudential Regulation Authority. It is likely that internal resources will be unsuitable for such work due to their knowledge of risk management in the single firm alone. External consultants are well placed to undertake such work and a firm that is independent, experienced and unregulated can provide the level of assurance required whilst maintaining a level of confidence that would be expected. The decision to use qualified consultants is often the first positive sign to the regulator that the firm is taking their compliance seriously.
The typical output from such an exercise is a gap analysis report supported by a suggested action plan.
2. Senior Management Review
One of the lessons that the Financial Services Authority learnt from the recent financial crisis is that the executive management of a firm need to possess a broad range of skills and also need to be able to interpret the information provided to them. The Prudential Regulatory Authority intends to move forward from the previous ARROW regime implemented by the Financial Services Authority to a more sophisticated structure that considers the ability of the firm to meet the reasonable expectations of policyholders.
Executive senior management need to look at themselves critically to assess the extent to which they are able to achieve the new governance objectives set by the regulator. This will need to consider the structure of reporting within the firm together with the committee structure and terms of reference. Consideration then needs to be given to the skills required to achieve the objectives set by the terms of reference and identify any changes required. This could result in additional training requirements or the appointment of additional resources to supplement those currently in place.
Such reviews can achieve a better understanding of the governance framework together with a clear statement of compliance with regulatory expectations.
3. Management Information Review
Another task that needs to be conducted is a review of management information. There is little point in having a committee structure that is robust if the information that is required to meet the expectations of senior management and the regulator is not available. A management information review will work initially from the both the Terms of Reference of the committee structure and the expectations of the regulators to identify any weaknesses or gaps in reporting.
It will also consider the reliance and timeliness of reporting to enable the committees to achieve their objectives. With our experience of finance, accounting and insurance reporting we are well positioned to provide specific additional advice in this area.
4. Stress Testing and Scenario Modelling
The new regulator has highlighted that they will be placing a high level of confidence on the stress testing and scenario modelling conducted by the institution. Stress testing refers to those extreme events that result from the continuation of a relationship between variables to a plausible extreme. Scenario modelling refers to cases where the event does not result from the continuation of a trend but effectively occurs as a one off item.
The Board will need to both understand and approve the stress and scenario testing regimes. They will need to be complete, credible and lead to actions that would be considered appropriate by the regulator. In designing such enterprise wide stress events the complete spectrum of potential stress and scenarios would need to be considered with the most appropriate ones being evaluated and reported. This is a major issue for many firms requiring knowledge of key staff members and access to reliable and complete information. A review is required in this area to ensure that the programme of stress testing is credible and meets the reasonable expectations of the regulator.
5. Asset and Liability Management
Unlike a bank, insurance companies do not tend to suffer from the liquidity problems that are prevalent in banking. While banks use short term funding to support long term lending, the key issue in insurance is the balance of the insurance premium against the long tail liabilities.
The actuaries of an insurance company will be assessing whether the liabilities have been properly assessed and mitigated. They will need to ensure that such liabilities will not increase significantly under a variety of plausible scenarios which might then undermine the business model. Risk mitigation will need to be assessed to see that it will continue to be effective under such stress conditions.
This is at the heart of the business of insurance and is generally the area which is best managed within the risk management functions of an insurer. Ensuring that there is adequate documentation to enable this to be demonstrated to the regulator and senior management will involve a review being carried out.
6. Business Model Review
The regulator will be assessing the robustness of the business model of the individual firm to anticipated stress events. Such a review should be conducted by the firm itself prior to the regulators assessing such matters. While the regulators will not be approving products they will be seeking to appreciate the impact of the business conducted on the ability of the firm to survive plausible events. This will of course lead to the capital assessment to be conducted by the regulator.
This level of change will make it appropriate for a firm to consider conducting a complete review of its business model to ensure that the operations proposed to be conducted remain adequately profitable under the regulatory regimes to be considered.
7. Non-Executive Directorships
The Prudential Regulation Authority has raised expectations on non-executive directors particularly those sitting on the Risk Management Committee and the Audit Committee. Such attendees will need to be in a position to justify to the regulator that they have sufficient ability to effectively review and investigate the work conducted by executive management.
The skills of such people will need to be considered to ensure that they have the ability in principle to achieve these objectives. In many cases firms will need to appoint additional non-executive directors that possess such skills as will be required. These will typically include knowledge of:
- Risk management
- The business conducted
Firms that do not have access to such skills at present will likely require new people. These requirements will be demanding. The meet them effectively it may be best for a non-executive director to be appointed that has the support of a trusted and proven consultancy firm behind them.
8. Model Review and Validation
The new regulators have identified that inappropriate reliance on models was one of the issues which had been highlighted by the recent financial crisis. Therefore regulators and senior management need to be assured that models are suitable in all areas where they are used.
A complete register of models needs to be developed with each model being reviewed and validated on a regular basis. Documentation needs to be adequate and the model needs to have good predictive ability. This will mean that the assumptions that underpin the model are a complete set of assumptions and have been backtested on the population on which the model is being used.
The model validation and assessment needs to be conducted by a team that was not involved with the development of the model. This ensures the necessary level of independence in the assessment that is required both by senior management and the regulator. Risk specialists have the skills necessary to assess such models and ensure that the documentation is sufficiently transparent and understandable.
There is not a lot of time to deal with the wide range of actions that need to be taken to meet the expectations of the new regulator given the short timetable which is currently envisaged. Since similar resources are required for all of these projects additional supplementary resources will be required by firms to achieve these requirements. The insurance industry has already experienced the limited expertise available within the UK market for Solvency II projects and costs for independent consultants vary wildly. Chief Executives, Chief Operating Officers, Chief Financial Officers, and recently appointed Chief Risk Officers of insurance firms, (whether former Chief Actuaries or current Chief Actuaries), will continue to be challenged in their search and selection of appropriate risk, governance, regulatory reporting and modelling expertise and skills sets from among the existing recruitment firms and interim management agencies.
To read the first article in this series, Who Manages Risk Better: Banks or Insurers? please visit www.riskrewardlimited.com/publications
Solvency II - Implementation
The European Commission has launched a new set of regulations under Solvency II for Insurance companies. The new regulations will have a significant impact on how Insurance and Reinsurance firms align themselves. This new initiative will closely examine the way insurers are required to address internal governance, risk and capital management processes. Solvency II will establish a uniform and consistent framework for Insurance firms in Europe - creating greater transparency and a level playing field - and transforming the way insurers conduct operations.
Preparing for Solvency II Means Gaining A Competitive Advantage
The proposed date for implementation of Solvency II is 2012 and experience with other changes of this magnitude indicates that the lead times can be significant.
The UK regulator is keen to ensure that insurance companies or insurance units within banks are preparing for capital adequacy now, even though the new rules are still in the consultation phase.
This new mandate will dramatically change how firms allocate, calculate and manage capital, by setting minimum requirements at group and company level.
This new holistic regulatory framework utilises a risk-based approach to establish capital and liquidity requirements.
Risk Reward's Interdisciplinary Approach
As an award- winning risk management consultancy and training firm Risk Reward is uniquely positioned to support the technical requirements of Solvency II implementation and compliance for insurance companies and especially those in emerging markets where the insurance sector is new and/or growing rapidly.
Some of the recent failures of Solvency II implementation and compliance have been due to the over reliance on actuarial models and/or systems.
Risk Reward experts bring the necessary 360 degree multi-disciplinary approach to your Solvency II project including:
- Risk management (enterprise risk, credit risk, liquidity risk and operational risk)
- Implementation of Basel pillars experience
- Regulatory compliance
- Internal audit oversight
Our expert consultants have UK and international insurance and compliance company experience in these areas and many are also qualified trainers to the Chartered Insurers Institute (CII) Solvency I public training programme. They are able to create end-to-end projects, serve as ad hoc team members working in harmony with your firm's project teams as technical support, outsourced or in-sourced, short or longer term, as well as conduct in-house training for Board level and senior management and throughout the organisation.
For more information about how Risk Reward experts can support your Solvency II project please contact Mark Dougherty at MJD@riskrewardlimited.com